If your Valentine’s Day celebration includes a weekend away in a hotel, keep a close eye on your credit card statements – you may not feel the love for long.

According to the 2016 Trustwave Global Security Report, the global hospitality industry has the second largest share of breach incidents. Both large chains and single properties are affected by hotel data breach incidents.

Point-of-sale (POS) malware is one of the biggest sources of stolen payment cards for cyber criminals, but there is plenty of other information to target as well.

Hotels have massive databases of confidential information from guests used for booking rooms and/or making payments at hotel shops. Names, addresses, credit card data, passport information, personal preferences, and medical data can all be used for identity theft and account fraud.

At the same time, the interconnection of computerized systems means that when cyber criminals breach a network they may be able to affect structural parts of the hotel too, such as door locks, heating and air, and electrical.

Hotels have always provided rigorous physical security for their guests, and now it’s important to show that all property including confidential information is secure.

Here is how hotels can better protect customer data, and reduce the risk of data breach and hotel fraud:

Assess risks: Know what critical data is on file, exactly where it resides, and how it moves inside and outside of the organization.

Protect POS systems: According to Trustwave, 65% of breaches are caused by POS malware, with weak remote access security contributing to 44% of the compromises. Invest in the latest cyber security tools, including encryption, anti-virus software, and firewalls, to safeguard against POS attacks and other malware. Patch all terminals regularly, especially those in constant use. Isolate POS systems from other networks.

Employee training: The hospitality industry is known for its high turnover – 66.3% according to U.S. Bureau of Labor Statistics – and this can affect front-line defense. Provide regular and ongoing security awareness training for all employees.

Culture of security: Implement a culture of security so that security awareness is ingrained from day one. It should be evident at all levels of the organization.
